Unable to connect to IRIS running in OpenShift containers

[oliverwilms]

Hello, I have been trying for a while to connect to IRIS instances running in Red Hat OpenShift Container platform. Sometimes I see server offline and server could not be reached. Right now I just see spinning wheel and I was prompted for password for one container which works correctly, but it does not prompt for the container I want to edit code in. I checked output but did not find anythying related to the servers I want to connect to.

[isc-bsaviano]

@oliverwilms Using Postman/curl/a browser on the same machine as VS Code, what happens when you try to GET the /api/atelier/ endpoint of the IRIS within the container? If the IRIS is reachable you should see some JSON with system information returned (or a 401 if you didn't provide credentials).

[oliverwilms]

I tested for the container defined here:

"msgbank-0": { "webServer": { "scheme": "https", "host": "helm-iris-msgbank-data-0-0-web.apps.vapo-aws-dsoi-dev.va.gov", "port": 443 }, "username": "_SYSTEM" },

This Postman request:

https://helm-iris-msgbank-data-0-0-web.apps.vapo-aws-dsoi-dev.va.gov/api/atelier/

with basic authentication gets 200 OK response:

{ "status": { "errors": [], "summary": "" }, "console": [], "result": { "content": { "version": "IRIS for UNIX (Ubuntu Server LTS for x86-64 Containers) 2022.1 (Build 212U) Tue Jul 5 2022 13:34:42 EDT", "id": "CA31F56A-FECA-11EC-8015-0A580A83029D", "api": 5, "features": [ { "name": "DEEPSEE", "enabled": true }, { "name": "ENSEMBLE", "enabled": true }, { "name": "HEALTHSHARE", "enabled": true } ], "namespaces": [ "%SYS", "HSCUSTOM", "HSLIB", "HSSYS", "IRISCLUSTER", "SCM_MB", "USER" ] } } }

[oliverwilms]

[gjsjohnmurray]

@oliverwilms does Server Manager consistently always fail to connect to particular servers and consistently succeed connecting to others? Or is the problem intermittent? If intermittent have you checked for license starvation on the server?

Based on the failure message I can tell you are using the regular release of Server Manager rather than the pre-release one (for which the message states 'Unavailable at ...'). The current version, 2.0.11, was published after you originally opened this issue and includes the fix for a problem that could leave the progress indicator spinning. Are you using that version? Do you still get the stuck spinner?

[oliverwilms]

The issue is consistently happening with any server which is a pod running on OpenShift Container platform. Another server which I started using docker run I can connect. All servers are running on the same AWS account. The stuck spinner was only observed once when I had decided to report the issue.

[oliverwilms]

I have switched to the prerelease Server Manager. Now I see the message: Unavailable at 2:19:10 PM

[gjsjohnmurray]

Is a web proxy configuration being used to connect to IRIS Portal using your web browser or with Postman?

I think VS Code extensions don't automatically use the same proxy as your web browser, so if a proxy is involved there probably needs to be a bit more config done in VS Code's Settings Editor.

[gjsjohnmurray]

@oliverwilms please try with these two settings:

"http.proxyStrictSSL": false,
"http.proxySupport": "fallback",

[oliverwilms]

the tail end of settings.json now looks like this:

"msgbank-0": { "webServer": { "scheme": "https", "host": "helm-iris-msgbank-data-0-0-web.apps.vapo-aws-dsoi-dev.va.gov", "port": 443 }, "username": "_SYSTEM" }, "iris": { "webServer": { "scheme": "http", "host": "test-clusterip-helm-valip-dev-iris.apps.vapo-aws-dsoi-dev.va.gov", "port": 80 }, "username": "_SYSTEM" } }, "http.proxyStrictSSL": false, "http.proxySupport": "fallback" }

Unfortunately the issue is NOT resolved.

[gjsjohnmurray]

@oliverwilms please download this zip, extract the VSIX and drop it into the Extensions view. Then replicate the issue. This time I hope the 'InterSystems Server Manager' channel of the OUTPUT panel tab will give some details of the connection error.

[oliverwilms]

I have installed the VSIX. I saw the same symptom (Unavailable) on the "good" server until it prompted me to enter password. The "bad" servers do not prompt for password and still show Unavailable. Nothing new showed in Output.

[oliverwilms]

As far as I can remember, I was never able to connect to IRIS running on OpenShift Container Platform.

I have one EC2 instance in AWS, where I run IRIS containers using a constant webport. Sometimes I can edit code from VS Code, sometimes it shows server unavailable.

Yesterday it did not connect, today it does connect. I just noticed many login failures in Audit database for /api/atelier. Is that normal?

[gjsjohnmurray]

I wouldn't expect so many LoginFailure events. Yours seem to appear in pairs, with about 0.2 seconds between the two events, and each pair starting about 1.2 seconds after the second event of the previous pair.

Normal behaviour would first show a LoginFailure for UnknownUser into the /api/atelier application. If the Server Manager extension hadn't previously been given permission to use InterSystems Server Credentials you should initially get this dialog:

After clicking "Allow" an input field in the top-centre of the window may ask you for the password of the username you configured on the connection (e.g. _SYSTEM). You get a chance to store it before proceeding. Provided the password is correct your audit should show successful login on the /api/atelier app for the specified username.

When doing your testing please don't have any workspace open, nor any files. Doing that ought to remove from the equation other extensions that may be trying to connect to the server. Audit messages about logins can then reasonably be assumed to be triggered by Server Manager.

Please check whether the Login audit event is enabled, and enable it if not.

Since connection to the container instances of IRIS fails intermittently I suggest you check license usage in case the failures happen because of license exhaustion.